CVE-2024-6333 – Authenticated Remote Code Execution in Altalink, Versalink & WorkCentre Products
https://notcve.org/view.php?id=CVE-2024-6333
Authenticated Remote Code Execution in Altalink, Versalink & WorkCentre Products. Various Xerox printers, such as models EC80xx, AltaLink, VersaLink, and WorkCentre, suffer from an authenticated remote code execution vulnerability. • https://securitydocs.business.xerox.com/wp-content/uploads/2024/10/Xerox-Security-Bulletin-XRX24-015-for-Altalink-Versalink-and-WorkCentre-%E2%80%93-CVE-2024-6333-.pdf • CWE-20: Improper Input Validation CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVE-2020-36201
https://notcve.org/view.php?id=CVE-2020-36201
An issue was discovered in certain Xerox WorkCentre products. They do not properly encrypt passwords. This affects 3655, 3655i, 58XX, 58XXi 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices. Se detectó un problema en determinados productos Xerox WorkCentre. No cifran apropiadamente las contraseñas. • https://securitydocs.business.xerox.com/wp-content/uploads/2020/06/cert_Security_Mini_Bulletin_XRX20L_for_ConnectKey-1.pdf • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVE-2018-20767
https://notcve.org/view.php?id=CVE-2018-20767
An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000. There is authenticated remote command execution. Se ha descubierto un problema en los dispositivos Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836 y EC7856 en versiones anteriores a la R18-05 073.xxx.0487.15000. Hay una ejecución de comandos autenticada remota. • https://securitydocs.business.xerox.com/wp-content/uploads/2018/07/cert_Security_Mini_Bulletin_XRX18Y_for_ConnectKey_EC78xx_v1.0.pdf • CWE-20: Improper Input Validation •
CVE-2018-20771
https://notcve.org/view.php?id=CVE-2018-20771
An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000. There is unauthenticated Remote Command Execution. Se ha descubierto un problema en los dispositivos Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836 y EC7856 en versiones anteriores a la R18-05 073.xxx.0487.15000. Hay una ejecución de comandos no autenticada remota. • https://securitydocs.business.xerox.com/wp-content/uploads/2018/07/cert_Security_Mini_Bulletin_XRX18Y_for_ConnectKey_EC78xx_v1.0.pdf • CWE-20: Improper Input Validation •
CVE-2018-20770
https://notcve.org/view.php?id=CVE-2018-20770
An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000. There is Blind SQL Injection. Se ha descubierto un problema en los dispositivos Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836 y EC7856 en versiones anteriores a la R18-05 073.xxx.0487.15000. Hay una inyección SQL ciega. • https://securitydocs.business.xerox.com/wp-content/uploads/2018/07/cert_Security_Mini_Bulletin_XRX18Y_for_ConnectKey_EC78xx_v1.0.pdf • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •